vsoch / django-oci

Open Containers distribution spec module for Django (under development)
https://vsoch.github.io/django-oci/

Question: any digest support #34

cutecutecat closed 1 year ago

cutecutecat commented 1 year ago

Hello, I have a question about this OCI registry. In the OCI image spec, it says:

> Implementations SHOULD allow digests with unrecognized algorithms to pass validation if they comply with the above grammar.

ref: https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md#digests

This implementation seems to reject artifacts with algorithms other than sha256? Do I understand correctly? Is there any special reason for this design?

Thanks for your answer.

https://github.com/vsoch/django-oci/blob/e420c55eb0f4e811a466f4291245d3f449a8928e/django_oci/storage.py#L131

vsoch commented 1 year ago

@cutecutecat if it’s up to the registry, we could expose this choice as a variable. Would you want to contribute a PR?

cutecutecat commented 1 year ago

> @cutecutecat if it’s up to the registry, we could expose this choice as a variable. Would you want to contribute a PR?

Actually, I am doing a survey about the compatibility of this feature across all registries. I found that even the official registry library https://github.com/distribution/distribution and its dependent lib go-digest do not support it either. They will return an UnsupportedAlgorithm error and behave like this project.

Maybe it's also a good choice to be consistent with them.

vsoch commented 1 year ago

If I had to guess, the spec wants to be flexible for the world to change, e.g., for another kind of digest to be considered best practice. But in actual practice, that doesn't mean a registry actually follows that to support every and any digest - I think we still tend to focus on the one we think is best for the time. So I agree, since most people use/expect sha256 that's what we should use, and only make it more complicated when it's absolutely warranted.
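
The trade-off discussed in this thread, as an added example (not django-oci's or go-digest's code): a digest check that separates "malformed", "well-formed but unrecognized algorithm" and "verified", using the grammar from the linked image-spec section. The `allow_unrecognized` switch, the exception names and the `blake3` sample value are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Digest grammar from the OCI image spec (descriptor.md, "Digests").
DIGEST_RE = re.compile(
    r"(?P<algorithm>[a-z0-9]+(?:[+._-][a-z0-9]+)*):(?P<encoded>[a-zA-Z0-9=_-]+)"
)
# Algorithms this sketch can verify, with the hex length the spec requires.
VERIFIABLE = {"sha256": 64, "sha512": 128}


class MalformedDigest(ValueError):
    """Does not match the grammar (or a known algorithm's encoding)."""

class UnsupportedAlgorithm(ValueError):
    """Well-formed, but the registry refuses algorithms it cannot verify."""

class DigestMismatch(ValueError):
    """Well-formed and supported, but the content hashes to something else."""


def make_digest(algorithm, content):
    """Build an "algorithm:hex" digest string for the given bytes."""
    return f"{algorithm}:{hashlib.new(algorithm, content).hexdigest()}"


def check_digest(digest, content, allow_unrecognized=False):
    """Return "verified" or "unverified"; raise on anything else.

    allow_unrecognized is a hypothetical registry setting (the "variable"
    suggested in the thread), not an existing django-oci option.
    """
    match = DIGEST_RE.fullmatch(digest)
    if match is None:
        raise MalformedDigest(digest)
    algorithm, encoded = match["algorithm"], match["encoded"]
    if algorithm not in VERIFIABLE:
        if allow_unrecognized:
            # Passes validation per the spec's SHOULD, but the content
            # was NOT integrity-checked; callers must treat it as such.
            return "unverified"
        raise UnsupportedAlgorithm(algorithm)
    if not re.fullmatch(r"[a-f0-9]{%d}" % VERIFIABLE[algorithm], encoded):
        raise MalformedDigest(digest)
    if not hmac.compare_digest(make_digest(algorithm, content), digest):
        raise DigestMismatch(digest)
    return "verified"
```

With the default `allow_unrecognized=False` the function behaves like the strict registries described above; turning it on accepts grammar-compliant digests but gives no integrity guarantee for the stored blob.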